View Full Version : Infected and Can't Run HJT
Teenangel
2008-11-21, 18:57
I picked up a bit of malware. It claims it is named XP Protection Center and it prevents me running Spybot S&D, it prevents running HJT, it reinstalls itself when I reboot and installs the Google screen as my default browser. It keeps telling me my computer is infected and that I need special spyware removal software to solve my problem. HELP! I ran PCTools registry mechanic and that didn't help -- got rid of a bunch of crud but didn't get rid of this.
Hi Teenangel
Try to rename HijackThis.exe to Teenangel.exe and tell me if it helped :)
Teenangel
2008-11-23, 17:28
Shaba:
Didn't work.
When I double-click on the program to start it. It doesn't even act like it is trying to start.
Same thing happens with Spybot.
This thing is insidious!
Teenangel
Thanks for information.
Tell me if this works:
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Teenangel
2008-11-23, 22:40
The Malwarebytes Anti-Malware seems to have worked, at least the constant pop-up of the "Your computer is infected...." message and the circle with the "X" in it in the tray is gone.
I'm not certain what happened, the software asked for my WinXP CD to restore some damaged files, but when I inserted it into the CD Drive, the system just seemed to lock-up. When I finally told Malwarebytes to exit, I got a message saying, " Dr. Watson Post Mortem Debugger has encountered a problem and must close...." I elected not to tell Microsoft. Then I got a message that "Malwarebytes has encountered a problem and must close..." I again elected to not tell Microsoft.
Since I had a message to restart my computer I restarted my computer, and everything Seems to be working as I said above.
Below is my log from Malwarebytes.
Do I need to do anything else?
Teenangel
_____________________________
Malwarebytes' Anti-Malware 1.30
Database version: 1417
Windows 5.1.2600 Service Pack 3
11/23/2008 12:15:52 PM
mbam-log-2008-11-23 (12-15-52).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|X:\|)
Objects scanned: 227478
Time elapsed: 1 hour(s), 31 minute(s), 19 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 112
Memory Processes Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dw4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42C722E-1B07-4A29-A75C-79198A34B8C1}\RP249\A0046947.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkecj.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkrtj.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSogon.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSpcpr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSwagw.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7e43.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS172c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS18e2.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1aa7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1c6c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1cba.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1edd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS2d64.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS2eac.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS3241.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS33bd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS3713.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS3bfa.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS42b1.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS46a9.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS488d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa4c6.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa851.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSabbc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSad81.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSc416.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSd155.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSde55.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSe143.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSe4dd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSe4fc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSeb07.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSee43.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSf0b4.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4cf2.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS5147.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS5455.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS55ac.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS5917.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS59f2.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS5f51.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS6201.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS653d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS6f30.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS74bd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7867.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7980.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7e81.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS80e3.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8392.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8509.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS87d8.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS88b3.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8c2d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8cf4.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8d27.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS9025.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS91e5.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS9699.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS998b.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\wini108015.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\ewyh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS3bbc.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS3c29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4b9a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS6a5d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS726c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7654.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1141.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1274.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS23af.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS24a9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS28c0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS2e6d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS82e6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS9db2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS9ebb.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa090.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa4c2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSac77.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSb1c6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSc37a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSe6e0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSfe12.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\TDSSae25.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\TDSSae35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqksa.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStskv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
______________________________
Great :)
"I'm not certain what happened, the software asked for my WinXP CD to restore some damaged files, but when I inserted it into the CD Drive, the system just seemed to lock-up."
That is due to fact that infection replaced certain system files and MBAM deleted them because they were infected. We will sort that next.
Download clean beep.sys from here (http://andymanchesta.com/Files/XP/beep.sys ) and copy it to C:\WINDOWS\system32\drivers and
C:\WINDOWS\system32\dllcache folders.
After that:
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Teenangel
2008-11-23, 23:52
I picked up beep.sys and downloaded it. Copied it to ...\system32\drivers but I couldn't locate any ...\system32\dllcache folder on my PC!
Am I just blind? Or should I just run the RSIT program?
Thanks for your help,
Teenangel
No, you are not blind. That folder is hidden by default.
See here (http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp) and post back if you were now able to find it :)
Teenangel
2008-11-24, 16:11
OK! So I was missing a checkmark in my "View" of files.
So I got the "beep.sys" file copied to the correct places and ran RSIT.
I can't tell you how much I appreciate your help. I would buy you lunch, if I could. It would be well worth the cost, many times over.
Teenangel
This is Log File.
-------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Bill at 2008-11-24 06:03:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 1023 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:07 AM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\download\HiJack This\RSIT.exe
C:\Program Files\trend micro\Bill.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
--
End of file - 13643 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-17 343112]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{9566395f-43d2-4c64-b525-b501ffa276e2} - File Print FedEx Kinko's - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\McAgent.exe [2005-09-22 303104]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"UIUCU"=C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE [2004-01-21 532480]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
"RegistryMechanic"= []
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"nwiz"=nwiz.exe /install []
"MPFEXE"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-05-21 124512]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"OpwareSE4"=C:\Program Files\ScanSoft\OpwareSE4.exe [2007-02-04 79400]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"DMXLauncher"=C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-23 90112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-12-21 270336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"UVC"=C:\Program Files\UVC\UVC.exe [2004-11-26 45056]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - D:\palm\Hotsync.exe
Sagicor Life ForeSight Startup Service.lnk - C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
WinZip Quick Pick.lnk - D:\WINZIP\WZQKPICK.EXE
C:\Documents and Settings\Bill\Start Menu\Programs\Startup
Phone Dialer Pro.LNK - D:\Phone Dialer Pro\phonepro.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Fiserv Life Portraits\FipWebServer.exe"="C:\Fiserv Life Portraits\FipWebServer.exe:*:Enabled:FipWebServer"
"I:\act6\ActUpdt.exe"="I:\act6\ActUpdt.exe:*:Enabled:ACT! Update"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\TurboTax Basic 2006\32bit\ttax.exe"="I:\TurboTax Basic 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"I:\TurboTax Basic 2006\32bit\updatemgr.exe"="I:\TurboTax Basic 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer"
"C:\Program Files\Kinko's\FPFK\FPKMain.exe"="C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Enabled:File, Print FedEx Kinko's"
"C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe"="C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe:*:Enabled:File, Print FedEx Kinko's System Tray"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\palm\Hotsync.exe"="D:\palm\Hotsync.exe:*:Enabled:HotSyncŪ Manager Application"
"I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\ttax.exe"="I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe"="I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"E:\WordPerfect Office X4\WordPerfect MAIL\Programs\bin\WPMail.exe"="E:\WordPerfect Office X4\WordPerfect MAIL\Programs\bin\WPMail.exe:*:Enabled:WordPerfect MAIL for Windows"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba60c59-41bc-11da-a8b6-806d6172696f}]
shell\AutoRun\command - Z:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90072bb8-c1f3-11dc-80a3-001921358b90}]
shell\AutoRun\command - J:\setupSNK.exe
======List of files/folders created in the last 1 months======
2008-11-24 06:03:50 ----D---- C:\rsit
2008-11-23 07:43:47 ----D---- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-11-23 07:43:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 07:43:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-21 08:37:25 ----D---- C:\Program Files\Trend Micro
2008-11-20 18:06:23 ----D---- C:\Program Files\gs
2008-11-20 18:03:57 ----D---- C:\Program Files\PlotSoft
2008-11-20 18:03:57 ----D---- C:\Documents and Settings\All Users\Application Data\PlotSoft
2008-11-20 16:06:28 ----A---- C:\WINDOWS\vafujif.vbs
2008-11-20 16:06:28 ----A---- C:\Documents and Settings\All Users\Application Data\huno.com
2008-11-20 15:57:41 ----A---- C:\WINDOWS\xavupadigu.vbs
2008-11-20 15:57:41 ----A---- C:\WINDOWS\sola.bat
2008-11-20 15:57:41 ----A---- C:\Documents and Settings\Bill\Application Data\kufimi.bat
2008-11-20 15:57:40 ----A---- C:\WINDOWS\system32\onubu.com
2008-11-20 15:51:10 ----A---- C:\Program Files\Common Files\yqaxyjyxi.dll
2008-11-20 15:51:08 ----A---- C:\Program Files\Common Files\mijywad.vbs
2008-11-20 15:42:34 ----A---- C:\Program Files\Common Files\yquhymuz.dll
2008-11-20 15:42:33 ----A---- C:\WINDOWS\ypuveb.com
2008-11-20 15:42:33 ----A---- C:\WINDOWS\ugejuma.exe
2008-11-20 15:42:33 ----A---- C:\WINDOWS\system32\yqeda.dll
2008-11-20 15:42:33 ----A---- C:\Program Files\Common Files\yzijiv.com
2008-11-20 15:42:33 ----A---- C:\Documents and Settings\Bill\Application Data\bamehe.bat
2008-11-20 15:42:33 ----A---- C:\Documents and Settings\All Users\Application Data\momiqokyp.bat
2008-11-20 15:11:29 ----A---- C:\WINDOWS\anodi.exe
2008-11-20 15:11:29 ----A---- C:\Program Files\Common Files\ohopymow.com
2008-11-20 15:11:29 ----A---- C:\Documents and Settings\Bill\Application Data\iduv.vbs
2008-11-20 15:11:29 ----A---- C:\Documents and Settings\All Users\Application Data\ahibyt.dll
2008-11-20 15:11:28 ----A---- C:\WINDOWS\wagily.dll
2008-11-20 15:11:28 ----A---- C:\WINDOWS\system32\ibaz.vbs
2008-11-20 15:11:28 ----A---- C:\WINDOWS\lejubibo.vbs
2008-11-20 15:03:48 ----A---- C:\Documents and Settings\Bill\Application Data\nuwigoxik.vbs
2008-11-20 15:03:48 ----A---- C:\Documents and Settings\All Users\Application Data\neticax.com
2008-11-20 15:03:47 ----A---- C:\Program Files\Common Files\anicud.dll
2008-11-20 14:51:14 ----A---- C:\WINDOWS\ywagoxo.bat
2008-11-20 14:51:14 ----A---- C:\Documents and Settings\All Users\Application Data\wajiqijuh.dll
2008-11-20 14:51:11 ----A---- C:\Program Files\Common Files\ybycesagyg.exe
2008-11-20 14:51:11 ----A---- C:\Program Files\Common Files\uwelyn.bat
2008-11-20 14:51:11 ----A---- C:\Program Files\Common Files\fysit.dll
2008-11-20 14:47:44 ----D---- C:\Program Files\XPProtectionCenter
2008-11-20 14:16:05 ----D---- C:\WINDOWS\Minidump
2008-11-20 14:11:31 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-11-17 08:37:24 ----D---- C:\Program Files\COSSTEMP
2008-11-12 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 03:04:11 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-11-08 07:28:48 ----D---- C:\Program Files\Pappocom
2008-11-08 07:28:41 ----D---- C:\Program Files\Common Files\MimarSinan
2008-11-07 17:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Insurance Technologies
2008-11-07 17:57:04 ----D---- C:\Program Files\ForeSight
======List of files/folders modified in the last 1 months======
2008-11-24 06:03:50 ----D---- C:\WINDOWS\Prefetch
2008-11-24 06:00:39 ----D---- C:\WINDOWS\Temp
2008-11-24 06:00:38 ----D---- C:\WINDOWS
2008-11-23 13:43:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 13:43:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 12:28:03 ----D---- C:\Program Files\UVC
2008-11-23 12:26:03 ----A---- C:\WINDOWS\ModemLog_Conexant HCF V90 56K RTAD Speakerphone PCI Modem.txt
2008-11-23 12:25:03 ----D---- C:\WINDOWS\system32
2008-11-23 12:24:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 12:18:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 07:43:38 ----RD---- C:\Program Files
2008-11-22 18:15:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-21 07:49:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 07:48:11 ----D---- C:\Program Files\Registry Mechanic
2008-11-21 07:26:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-20 18:04:23 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-20 18:04:01 ----SHD---- C:\WINDOWS\Installer
2008-11-20 16:06:28 ----D---- C:\Program Files\Common Files
2008-11-20 16:02:14 ----D---- C:\WINDOWS\system32\config
2008-11-20 16:01:32 ----D---- C:\WINDOWS\system32\wbem
2008-11-20 16:01:32 ----D---- C:\WINDOWS\Registration
2008-11-20 15:47:14 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-20 15:26:44 ----SH---- C:\boot.ini
2008-11-20 15:26:44 ----A---- C:\WINDOWS\win.ini
2008-11-20 15:26:44 ----A---- C:\WINDOWS\system.ini
2008-11-20 14:03:28 ----D---- C:\WINDOWS\DRIVERS
2008-11-17 08:37:43 ----D---- C:\TEMP
2008-11-17 08:34:01 ----HD---- C:\WINDOWS\inf
2008-11-16 17:26:45 ----D---- C:\WINDOWS\Help
2008-11-12 03:02:30 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:02:28 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:01:30 ----D---- C:\WINDOWS\WinSxS
2008-11-09 03:04:27 ----D---- C:\Program Files\Microsoft SQL Server
2008-11-09 03:02:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-08 07:33:56 ----D---- C:\Documents and Settings\Bill\Application Data\Adobe
2008-11-08 07:33:55 ----D---- C:\Documents and Settings\Bill\Application Data\Macromedia
2008-11-08 07:33:49 ----D---- C:\WINDOWS\system32\Macromed
2008-11-08 07:33:15 ----D---- C:\WINDOWS\system32\Adobe
2008-11-08 07:32:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-07 17:49:29 ----RSD---- C:\WINDOWS\assembly
2008-11-03 19:29:02 ----D---- C:\Documents and Settings\Bill\Application Data\InstallShield
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-06-20 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-06-20 9200]
R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2001-08-13 737973]
S1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-06 35328]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
S3 GMSIPCI;GMSIPCI; \??\Z:\INSTALL\GMSIPCI.SYS []
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-05-06 16694]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-23 47360]
S3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor;Adobe Active File Monitor; D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-12-21 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-09-23 20543]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller; C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2008-02-05 228480]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-12-21 127035]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-12-21 61503]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 RosettaStoneLtdController;RosettaStoneLtdController; C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2007-10-31 354648]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 MSSQL$NR2007;SQL Server (NR2007); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
-----------------EOF-----------------
==========================
AND THIS IS INFO file.
-----------------------------------------
info.txt logfile of random's system information tool 1.04 2008-11-24 06:04:12
======Uninstall list======
-->C:\WINDOWS\ISUNINST.EXE -fh:\eTransform2000\Uninst.isu -ch:\eTransform2000\Uninst.dll
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
ACT! Link 2.0-->IsUnInst -f"D:\palm\Uninst2.isu" -c"D:\palm\UNINST.DLL"
ACT!-->C:\WINDOWS\IsUninstAct.exe -f"i:\act6\Uninst6.isu" -c"i:\act6\UNINSTAL.DLL"
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AmerUs Life Group-->"C:\Program Files\Common Files\Fipsco Shared\FS.EXE" C:\Program Files\Common Files\Fipsco Shared\Script\UninstAMUDesk.EFS
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
Aviva Life-->C:\commerci\UNWISE.EXE C:\commerci\INSTALL.LOG
BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
BMA Annuity-->MsiExec.exe /I{D07D14AC-080E-435D-AE0A-11EF771CEEC9}
Boggle-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BOSS Fonts Manager-->C:\WINDOWS\IsUninst.exe -fC:\BOSSFonts\Uninst.isu
Canon i860-->C:\WINDOWS\system32\CNMCP56.exe "-PRINTERNAMECanon i860" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i860 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i860 Installer\Inst2\cnmi0409.dll"
Canon i950-->C:\WINDOWS\system32\CNMCP4d.exe "-PRINTERNAMECanon i950" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmi0409.dll"
Canon IJ Network Scan Utility-->C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP970 series User Registration-->C:\Program Files\Canon\IJEREG\MP970 series\UNINST.EXE
Canon MP970 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon PIXMA iP1500-->C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->D:\canon\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CD-LabelPrint-->"C:\Program Files\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CorelDRAW 10-->C:\WINDOWS\Corel\uninst32.exe
CorelDRAW 10-->MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
Dragon*Point*&*Speak-->C:\WINDOWS\uninst.exe -fi:\natspeak\DeIsL1.isu -c"i:\natspeak\Uninst.dll
File, Print FedEx Kinko's-->MsiExec.exe /X{94DB1FD3-10E1-4C2F-81FA-AFDE9DC06BF5}
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPL Ghostscript 8.63-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.63\uninstal.txt"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
InfoView-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
Instant Estimator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A1F858-8AF3-4B88-A603-E971AC570E42}\Setup.exe" -l0x9
i-Speeder-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jackson Illustrator-->C:\PROGRA~1\JACKSO~1\ILLUST~1\UNWISE.EXE C:\PROGRA~1\JACKSO~1\ILLUST~1\INSTALL.LOG
Learn to Read with Phonics 1st and 2nd Grade-->C:\WINDOWS\TLCUninstall.exe -f "i:\The Learning Company\Learn to Read with Phonics 1st and 2nd Grade\Uninstall.xml"
LexarMedia ImageRescue Software-->MsiExec.exe /X{DE1A361F-31DC-4AC5-ABBA-2323BC505880}
LincolnPDF-->C:\WINDOWS\system32\uninstcp.exe C:\LincolnPDF
LPSS Desktop - AMU-->"C:\Program Files\Common Files\Fipsco Shared\FS.EXE" C:\Program Files\Common Files\Fipsco Shared\Script\UninstAMUDesk.EFS
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
MediaFACE II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}\setup.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{007F4F0A-CC46-4C8F-A2AE-26E802625BF3}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (ITSQLEXPRESS)-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Express Edition (NR2007)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Streets and Trips 2005-->MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MoneyGuard and Term Products-->C:\MGTerm\UNWISE.EXE C:\MGTerm\INSTALL.LOG
Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NeatReceipts Database Controller-->MsiExec.exe /X{91789CDD-E83A-4186-B436-AA7A588679FD}
NeatReceipts Professional 3.0 Core Files-->MsiExec.exe /X{8D199EBB-749F-478E-B4E4-9D343A1BEB07}
NeatReceipts Professional-->C:\Program Files\NeatReceipts Professional\uninstallNR.exe
NumberCruncher-->D:\NUMBER~1\UNWISE.EXE D:\NUMBER~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
palmOne-->MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
PDFill PDF Editor with FREE PDF Writer and Tools-->MsiExec.exe /I{262C7F33-8251-432E-88C1-E9F42A53F8F0}
PDFlib 4.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}\Setup.exe" -uninst
PDFLIB-->C:\PROGRA~1\COSSTEMP\UNWISE.EXE C:\PROGRA~1\COSSTEMP\PDFINS~1.LOG
Perfect Attorney - Forms-->MsiExec.exe /I{49A60041-AFDB-4CE8-B50F-272299DB4F8E}
Phone Dialer Pro-->C:\WINDOWS\ST5UNST.EXE -n "d:\Phone Dialer Pro\ST5UNST.LOG"
Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Quick View Plus-->C:\WINDOWS\UNINSQVP.EXE
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Rosetta Stone Ltd Services-->MsiExec.exe /X{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio Disc Gallery-->MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}
Roxio Easy Media Creator 10 Suite-->MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio MediaShare-->MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sagicor Life Insurance ForeSight Console-->MsiExec.exe /I{A83CD966-2659-4783-A6CB-52AFF0961DAA}
ScanSoft OmniPage SE 4-->MsiExec.exe /I{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Sudoku-->"C:\Program Files\Common Files\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
Super Gem Drop-->I:\GAMES\GEMDROP\UNWISE.EXE /U I:\GAMES\GEMDROP\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TextBridge Pro Millennium-->MsiExec.exe /I{5AB1BFD2-819E-11D3-80D9-00C04F559BE6}
The Weather Channel Desktop-->C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
TurboCAD Deluxe 14-->MsiExec.exe /I{1EA9F5CC-BD77-48FC-A9AF-E71646F2E55B}
TurboCAD Symbols-->MsiExec.exe /I{07CEC3B0-83D0-422A-BE6D-63633C5063BB}
TurboTax Basic 2003-->I:\ttax03\TaxUnst.EXE "I:\ttax03\Uninstall.log" -NoGui
TurboTax Basic 2004-->I:\TTAX04\TaxUnst.EXE "I:\TTAX04\Uninstall.log" -NoGui
TurboTax Basic 2006-->I:\TurboTax Basic 2006\TaxUnst.EXE "I:\TurboTax Basic 2006\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->I:\TTax05\TurboTax Deluxe 2005\TaxUnst.EXE "I:\TTax05\TurboTax Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\TaxUnst.EXE "I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
UVC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DF8832B-DEB6-4768-B73D-F5335B7DEE60}\setup.exe"
VersaCheck Personal 2000-->C:\WINDOWS\IsUninst.exe -f"i:\versacheck personal 2000\DeIsL4.isu"
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"D:\WINZIP\WINZIP32.EXE" /uninstall
WordPerfect Office 12-->MsiExec.exe /I{20BFD848-897A-48BB-97A7-CDB5A8D4719E}
WordPerfect OfficeReady-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}\setup.exe"
Yahoo! SiteBuilder-->"C:\Program Files\Yahoo SiteBuilder\uninstall.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall Plus
FW: ActiveArmor Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\;C:\Program Files\Common Files\NeatReceipts\NeatOCR 2.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
-----------------EOF-----------------
Before we continue with removal, I need to know that is McAfee up-to-date?
Teenangel
2008-11-24, 18:17
No, McAfee is NOT up to date. I purchased a network suite and was never able to fully install all the programs, even after several telephone calls, finally I gave up and just let the program expire when the annual "subscription" ran out.
Teenangel
Thank you for information.
We will replace it with freeware programs later.
Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).
Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\vafujif.vbs
C:\Documents and Settings\All Users\Application Data\huno.com
C:\WINDOWS\xavupadigu.vbs
C:\WINDOWS\sola.bat
C:\Documents and Settings\Bill\Application Data\kufimi.bat
C:\WINDOWS\system32\onubu.com
C:\Program Files\Common Files\yqaxyjyxi.dll
C:\Program Files\Common Files\mijywad.vbs
C:\Program Files\Common Files\yquhymuz.dll
C:\WINDOWS\ypuveb.com
C:\WINDOWS\ugejuma.exe
C:\WINDOWS\system32\yqeda.dll
C:\Program Files\Common Files\yzijiv.com
C:\Documents and Settings\Bill\Application Data\bamehe.bat
C:\Documents and Settings\All Users\Application Data\momiqokyp.bat
C:\WINDOWS\anodi.exe
C:\Program Files\Common Files\ohopymow.com
C:\Documents and Settings\Bill\Application Data\iduv.vbs
C:\Documents and Settings\All Users\Application Data\ahibyt.dll
C:\WINDOWS\wagily.dll
C:\WINDOWS\system32\ibaz.vbs
C:\WINDOWS\lejubibo.vbs
C:\Documents and Settings\Bill\Application Data\nuwigoxik.vbs
C:\Documents and Settings\All Users\Application Data\neticax.com
C:\Program Files\Common Files\anicud.dll
C:\WINDOWS\ywagoxo.bat
C:\Documents and Settings\All Users\Application Data\wajiqijuh.dll
C:\Program Files\Common Files\ybycesagyg.exe
C:\Program Files\Common Files\uwelyn.bat
C:\Program Files\Common Files\fysit.dll
C:\Program Files\XPProtectionCenter
:commands
[EmptyTemp]
[reboot]
Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Re-run rsit.
Post:
- a fresh rsit log (only log.txt will appear)
- otmoveit3 log
Teenangel
2008-11-24, 21:23
After several machine lockups, and instructions to re-boot but being unable to find any log file and/or C:\OTMoveIt\MovedFiles folder. I ran MoveIt again and it completed, then I copied this file to this reply.
========== FILES ==========
File/Folder C:\WINDOWS\vafujif.vbs not found.
File/Folder C:\Documents and Settings\All Users\Application Data\huno.com not found.
File/Folder C:\WINDOWS\xavupadigu.vbs not found.
File/Folder C:\WINDOWS\sola.bat not found.
File/Folder C:\Documents and Settings\Bill\Application Data\kufimi.bat not found.
File/Folder C:\WINDOWS\system32\onubu.com not found.
File/Folder C:\Program Files\Common Files\yqaxyjyxi.dll not found.
File/Folder C:\Program Files\Common Files\mijywad.vbs not found.
File/Folder C:\Program Files\Common Files\yquhymuz.dll not found.
File/Folder C:\WINDOWS\ypuveb.com not found.
File/Folder C:\WINDOWS\ugejuma.exe not found.
File/Folder C:\WINDOWS\system32\yqeda.dll not found.
File/Folder C:\Program Files\Common Files\yzijiv.com not found.
File/Folder C:\Documents and Settings\Bill\Application Data\bamehe.bat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\momiqokyp.bat not found.
File/Folder C:\WINDOWS\anodi.exe not found.
File/Folder C:\Program Files\Common Files\ohopymow.com not found.
File/Folder C:\Documents and Settings\Bill\Application Data\iduv.vbs not found.
File/Folder C:\Documents and Settings\All Users\Application Data\ahibyt.dll not found.
File/Folder C:\WINDOWS\wagily.dll not found.
File/Folder C:\WINDOWS\system32\ibaz.vbs not found.
File/Folder C:\WINDOWS\lejubibo.vbs not found.
File/Folder C:\Documents and Settings\Bill\Application Data\nuwigoxik.vbs not found.
File/Folder C:\Documents and Settings\All Users\Application Data\neticax.com not found.
File/Folder C:\Program Files\Common Files\anicud.dll not found.
File/Folder C:\WINDOWS\ywagoxo.bat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\wajiqijuh.dll not found.
File/Folder C:\Program Files\Common Files\ybycesagyg.exe not found.
File/Folder C:\Program Files\Common Files\uwelyn.bat not found.
File/Folder C:\Program Files\Common Files\fysit.dll not found.
File/Folder C:\Program Files\XPProtectionCenter not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Bill\LOCALS~1\Temp\hsperfdata_Bill\3336 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bill\LOCALS~1\Temp\~DFA51F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bill\LOCALS~1\Temp\~DFAF66.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bill\LOCALS~1\Temp\~DFAF73.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bill\LOCALS~1\Temp\~ROMFN_00000804 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bill\LOCALS~1\Temp\~ROMFN_00000B9C scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_100.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Error: Unable to interpret <[reboot]Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.> in the current context!
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_111737
=============================
Here is the file created by RSIT on this run
=============================
Logfile of random's system information tool 1.04 (written by random/random)
Run by Bill at 2008-11-24 11:21:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 1023 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:16 AM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\download\HiJack This\RSIT.exe
C:\Program Files\trend micro\Bill.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
--
End of file - 13590 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-17 343112]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{9566395f-43d2-4c64-b525-b501ffa276e2} - File Print FedEx Kinko's - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\McAgent.exe [2005-09-22 303104]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"UIUCU"=C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
"RegistryMechanic"= []
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"nwiz"=nwiz.exe /install []
"MPFEXE"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-05-21 124512]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"OpwareSE4"=C:\Program Files\ScanSoft\OpwareSE4.exe [2007-02-04 79400]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"DMXLauncher"=C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-23 90112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-12-21 270336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"UVC"=C:\Program Files\UVC\UVC.exe [2004-11-26 45056]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - D:\palm\Hotsync.exe
Sagicor Life ForeSight Startup Service.lnk - C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
WinZip Quick Pick.lnk - D:\WINZIP\WZQKPICK.EXE
C:\Documents and Settings\Bill\Start Menu\Programs\Startup
Phone Dialer Pro.LNK - D:\Phone Dialer Pro\phonepro.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Fiserv Life Portraits\FipWebServer.exe"="C:\Fiserv Life Portraits\FipWebServer.exe:*:Enabled:FipWebServer"
"I:\act6\ActUpdt.exe"="I:\act6\ActUpdt.exe:*:Enabled:ACT! Update"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\TurboTax Basic 2006\32bit\ttax.exe"="I:\TurboTax Basic 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"I:\TurboTax Basic 2006\32bit\updatemgr.exe"="I:\TurboTax Basic 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer"
"C:\Program Files\Kinko's\FPFK\FPKMain.exe"="C:\Program Files\Kinko's\FPFK\FPKMain.exe:*:Enabled:File, Print FedEx Kinko's"
"C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe"="C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.Queue.exe:*:Enabled:File, Print FedEx Kinko's System Tray"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\palm\Hotsync.exe"="D:\palm\Hotsync.exe:*:Enabled:HotSyncŪ Manager Application"
"I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\ttax.exe"="I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe"="I:\TurboTax Deluxe 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"E:\WordPerfect Office X4\WordPerfect MAIL\Programs\bin\WPMail.exe"="E:\WordPerfect Office X4\WordPerfect MAIL\Programs\bin\WPMail.exe:*:Enabled:WordPerfect MAIL for Windows"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba60c59-41bc-11da-a8b6-806d6172696f}]
shell\AutoRun\command - Z:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90072bb8-c1f3-11dc-80a3-001921358b90}]
shell\AutoRun\command - J:\setupSNK.exe
======List of files/folders created in the last 1 months======
2008-11-24 06:03:50 ----D---- C:\rsit
2008-11-23 07:43:47 ----D---- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-11-23 07:43:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 07:43:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-21 08:37:25 ----D---- C:\Program Files\Trend Micro
2008-11-20 18:06:23 ----D---- C:\Program Files\gs
2008-11-20 18:03:57 ----D---- C:\Program Files\PlotSoft
2008-11-20 18:03:57 ----D---- C:\Documents and Settings\All Users\Application Data\PlotSoft
2008-11-20 14:16:05 ----D---- C:\WINDOWS\Minidump
2008-11-20 14:11:31 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-11-17 08:37:24 ----D---- C:\Program Files\COSSTEMP
2008-11-12 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 03:04:11 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-11-08 07:28:48 ----D---- C:\Program Files\Pappocom
2008-11-08 07:28:41 ----D---- C:\Program Files\Common Files\MimarSinan
2008-11-07 17:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Insurance Technologies
2008-11-07 17:57:04 ----D---- C:\Program Files\ForeSight
======List of files/folders modified in the last 1 months======
2008-11-24 11:17:37 ----D---- C:\WINDOWS\Temp
2008-11-24 11:14:38 ----D---- C:\WINDOWS
2008-11-24 11:05:44 ----SH---- C:\boot.ini
2008-11-24 11:05:44 ----A---- C:\WINDOWS\win.ini
2008-11-24 11:05:44 ----A---- C:\WINDOWS\system.ini
2008-11-24 11:05:23 ----D---- C:\Program Files\UVC
2008-11-24 11:04:32 ----D---- C:\WINDOWS\Prefetch
2008-11-24 11:03:47 ----A---- C:\WINDOWS\ModemLog_Conexant HCF V90 56K RTAD Speakerphone PCI Modem.txt
2008-11-24 11:01:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-24 10:57:34 ----RD---- C:\Program Files
2008-11-24 10:57:33 ----D---- C:\Program Files\Common Files
2008-11-24 10:57:30 ----D---- C:\WINDOWS\system32
2008-11-23 19:15:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-23 13:43:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 13:43:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 12:18:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 07:49:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 07:48:11 ----D---- C:\Program Files\Registry Mechanic
2008-11-21 07:26:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-20 18:04:23 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-20 18:04:01 ----SHD---- C:\WINDOWS\Installer
2008-11-20 16:02:14 ----D---- C:\WINDOWS\system32\config
2008-11-20 16:01:32 ----D---- C:\WINDOWS\system32\wbem
2008-11-20 16:01:32 ----D---- C:\WINDOWS\Registration
2008-11-20 15:47:14 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-20 14:03:28 ----D---- C:\WINDOWS\DRIVERS
2008-11-17 08:37:43 ----D---- C:\TEMP
2008-11-17 08:34:01 ----HD---- C:\WINDOWS\inf
2008-11-16 17:26:45 ----D---- C:\WINDOWS\Help
2008-11-12 03:02:30 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:02:28 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:01:30 ----D---- C:\WINDOWS\WinSxS
2008-11-09 03:04:27 ----D---- C:\Program Files\Microsoft SQL Server
2008-11-09 03:02:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-08 07:33:56 ----D---- C:\Documents and Settings\Bill\Application Data\Adobe
2008-11-08 07:33:55 ----D---- C:\Documents and Settings\Bill\Application Data\Macromedia
2008-11-08 07:33:49 ----D---- C:\WINDOWS\system32\Macromed
2008-11-08 07:33:15 ----D---- C:\WINDOWS\system32\Adobe
2008-11-08 07:32:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-07 17:49:29 ----RSD---- C:\WINDOWS\assembly
2008-11-03 19:29:02 ----D---- C:\Documents and Settings\Bill\Application Data\InstallShield
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-06-20 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-06-20 9200]
R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2001-08-13 737973]
S1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-06 35328]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
S3 GMSIPCI;GMSIPCI; \??\Z:\INSTALL\GMSIPCI.SYS []
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-05-06 16694]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-23 47360]
S3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor;Adobe Active File Monitor; D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-12-21 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-09-23 20543]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller; C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2008-02-05 228480]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-12-21 127035]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-12-21 61503]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 RosettaStoneLtdController;RosettaStoneLtdController; C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2007-10-31 354648]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 MSSQL$NR2007;SQL Server (NR2007); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
-----------------EOF-----------------
Don't worry it went fine :)
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open hijackthis, click do a system scan only and checkmark this:
O20 - AppInit_DLLs: karna.dat
Close all windows including browser and press fix checked.
Reboot.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
Teenangel
2008-11-25, 04:49
OK, It's done at looooooooonnnnngggg last, here are the scans.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 24, 2008 18:36:51
Records in database: 1409681
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\
M:\
N:\
X:\
Y:\
Z:\
Scan statistics:
Files scanned: 157559
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 03:52:13
File name / Threat name / Threats count
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\6IBDFIRL\Binaries1[1].cab Infected: Trojan.Win32.FraudPack.gxc 1
C:\Documents and Settings\Bill\My Documents\backups\backup-20070515-093055-552.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1
C:\WINDOWS\DRIVERS\beep.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\WINDOWS\pss\Reboot.exeStartup Infected: not-a-virus:RiskTool.Win32.Reboot.e 1
The selected area was scanned.
===============================================
===============================================
:spider::spider:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:05 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\SM1BG.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bill\Local Settings\Temp\jkos-Bill\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
--
Delete these:
C:\Documents and Settings\Bill\My Documents\backups\backup-20070515-093055-552.dll
C:\WINDOWS\DRIVERS\beep.sys
Empty Recycle Bin.
Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save
it to desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit to close ATF-Cleaner.
Still problems?
Teenangel
2008-11-25, 17:12
Well, it seems that my problems have gone away, BUT I just got rid of all my passwords.
If you are really in Finland, you must be working LATE at night and/or EARLY in the morning.
You have been a life saver. Thank you again for your help! Next time you are in the Seattle, WA, USA area, drop me a note. I'll buy you lunch.
Teenangel
Teenangel
2008-11-25, 17:14
Well, it seems that my problems have gone away, BUT I just got rid of all my passwords. :oops:
If you are really in Finland, you must be working LATE at night and/or EARLY in the morning.
You have been a life saver. Thank you again for your help! Next time you are in the Seattle, WA, USA area, drop me a note. I'll buy you lunch.
Teenangel
Glad to hear that and thanks for offer :)
Next we will replace McAfee.
Download one antivirus and one firewall from below:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.
You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Disconnect from internet.
Uninstall these:
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Install that firewall and antivirus you downloaded earlier.
Reconnect to internet.
Post back a fresh HijackThis log, please.
Teenangel
2008-11-26, 00:12
:sad:
OK, so now I feel exposed. I was able to download a firewall and an anti-virus program, BUT I could not uninstall the McAfee Security Center, it tells me that I must uninstall all McAfee Services. As far as I know, I don't have any services other than McAfee Security Center.
So, I haven't installed the Anti-virus OR the Firewall.
How do I get the Security Center uninstalled when the Windows Add/Remove Programs won't let me uninstall it?
Teenangel
Teenangel
2008-11-26, 00:16
:oops:
I should have said that I was able to uninstall the McAfee Firewall and the McAfee Antivirus programs but am still unable to uninstall the Security Center Program. My Windows Add/Remove form does not show any McAfee programs, other than Security Center.
ALSO, I am pasting a copy of a new HJT Log, herewith:
=================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:37 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\msiexec.exe
H:\MsOffice\Office10\WINWORD.EXE
H:\MsOffice\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
--
End of file - 12272 bytes
OK, let's do this:
First enable windows own firewall via Control panel
Copy text below to Notepad and save it as remmcafee.bat (save it as all files, *.*)
@ECHO OFF
sc stop McDetect.exe
sc delete McDetect.exe
sc stop McTskshd.exe
sc delete McTskshd.exe
sc stop mcupdmgr.exe
sc delete mcupdmgr.exe
rd c:\program files\mcafee.com /s /q
del remmcafee.bat
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG
Doubleclick remmcafee.bat; black dos windows will flash, that's normal.
Reboot.
Post back a fresh HijackThis log, please.
Teenangel
2008-11-26, 16:57
:eek:
Ok, I created the batch file and ran it.
Then I thought I would be clever and go remove the McAfee Security Center.
Same problem, windows tells me I have to remove all McAfee Services before I can remove the Security Center.
It looks like there is some McAfee stuff at C:\PROGRA~1\mcafee.com\agent\, but I don't know enough about it to know whether what is showing up in lines 04 and 016 are just the security center or are the Services that should be shut down.
SO, I gave up and am sending you the HJT Log.
===============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:55 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
--
End of file - 11879 bytes
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
Close all windows including browser and press fix checked.
Reboot.
Delete this folder:
C:\PROGRA~1\mcafee.com
Try now to remove McAfee Security Center
Post back a fresh HijackThis log and tell me if it was now successful?
Teenangel
2008-11-26, 18:07
:clown:
OK, we got it this time. When I tried to remove it, windows said it wasn't there, and did I want to remove it from the list of programs. I told it yes.
Here's the HJT Log.
=========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:02 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
--
End of file - 11630 bytes
Yes it now it looks good :)
Please install now antivirus and firewall and post back a fresh HijackThis log afterwards.
Teenangel
2008-11-26, 19:46
:oops:
Turns out I did have a firewall--I had forgotten about installing it, some time back--NVIDIA Active Armor. I discovered this when I was trying to install the ZoneAlarm software. I uninstalled the NVIDIA program and Installed ZoneAlarm with spyware turned off. Then I installed Avira Anti-virus. The HJT Log, below, is after all that.
==============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:11 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11386 bytes
"Turns out I did have a firewall--I had forgotten about installing it, some time back--NVIDIA Active Armor. I discovered this when I was trying to install the ZoneAlarm software."
OK that is fine :)
Log looks fine. Still some issues?
Teenangel
2008-11-26, 19:50
:oops:
Turns out I did have a firewall--I had forgotten about installing it, some time back--NVIDIA Active Armor. I discovered this when I was trying to install the ZoneAlarm software. I uninstalled the NVIDIA program and Installed ZoneAlarm with spyware turned off. Then I installed Avira Anti-virus. The HJT Log, below, is after all that.
ZoneAlarm tells me I have a Bonjour program which is attempting Internet Access. I denied it since I don't know what it is. Is that OK?
==============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:11 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OpwareSE4.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UVC\UVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\palm\Hotsync.exe
D:\WINZIP\WZQKPICK.EXE
D:\Phone Dialer Pro\phonepro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bill\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UVC] C:\Program Files\UVC\UVC.exe -bootstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Phone Dialer Pro.LNK = D:\Phone Dialer Pro\phonepro.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\palm\Hotsync.exe
O4 - Global Startup: Sagicor Life ForeSight Startup Service.lnk = C:\Program Files\ForeSight\SLI\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WINZIP\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MsOffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - e:\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208020496171
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Bill\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11386 bytes
Bonjour is this:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
Related to apple software (eg. itunes or ipod). You can allow it.
Teenangel
2008-11-26, 19:54
Well I guess that I posted that last reply twice.
At this point, I don't know what issues I have, I haven't tried to access anything that has mysteriously disappeared or whatever.
It looks like the problem has been taken care of.
Thanks, again.
Teenangel :2thumb:
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Next we remove all used tools.
You can delete rsit and c:\rsit folder.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Teenangel
2008-11-26, 20:01
OK!
Thanks, I will do so on next start up.
Teenangel
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.